Future of Digital Economy and Society System Initiative
To meet this rapidly expanding obligation, leaders have taken a variety of approaches to securing their
digital domains. These policies are shaped by their experience with the networked world and unique
national objectives and vulnerabilities. For all their differences, however, these policy approaches to
assuring security share a significant commonality: success depends on collaboration between the public
and private sectors. However, effective collaboration is uniquely difficult in the domain of cybersecurity. Cyberthreats are complex, with an ever-expanding and exposed surface for malicious actors to exploit. Each new innovation brings with it new and sometimes unexpected vulnerabilities. That complexity is compounded by
the speed and ease with which threats materialize in the digital domain — no expensive “Manhattan Project”
style effort is necessary to weaponize computer science.
Additionally, the first line of security here is rarely the government. Rather, the first line of security is comprised
of the firms and organizations developing this increasingly networked, digitized and connected space.
Public-private collaboration is almost always difficult because of the complexity underlying the interplay
between the roles, responsibilities and obligations that the public and private sectors have vis-à-vis each other and
the citizens who rely on them. The difficulties of publicprivate collaboration are magnified when a topic, such as
security, is deeply connected to notions of sovereignty: multinational businesses and customers walk a tightrope
between potentially contradictory national obligations.
In the case of cybersecurity, that tension is further strained by the decidedly personal nature of securing bits
and pieces of an increasing portion of people’s lives. The relationship and — at times trade-off — between security
and other values magnifies the need to be inclusive in representing and negotiating between different interests
Despite these challenges, advancing cyber resilience requires the public and private sectors to collaborate in
new and innovative ways. This Playbook is recommended for use by the public and private sectors, together, as a
tool to facilitate discussions on building the institutions, frameworks, policies, norms and processes necessary
to support collaboration in this vital space.